I have created a bucket in Cloud-Storage, and granted permission for my-gae-app (GAE), as Full_Control. I also configured CORS (Cross-Origin Resource Sharing) on my bucket for my-gae-app. I setup the bucket default ACL to have my-gae-app as owner.
In my-gae-app application, I have form to allow users to upload pdf/image to my-bucket. (I use GCS Client Library Functions) The upload process worked fine, when upload button is clicked, the file is written to my-bucket without error and I can verify from the cloud storage console that the files are there. I checked the files (object) permission, and I can see my-app-gae is the owner.
Other form which display those uploaded files are not working. Even as simple as "<"img src="https://storage.cloud.google.com/mybucket/my-uploaded-image.jpg"/">" The console show me that "GET ... 403 Forbidden". The page to show the pdf will display "Access Denied Access Denied".
I have tried to mark the object as "Shared Publicly" in the Cloud Storage console, than everything will work fine. But, this is not correct design. I need a solution to make my-bucket access by my-gae-app only, not publicly :o(
Can anyone please shed some light ? Much appreciated.